1. Field of the Invention
Embodiments of the present invention generally relate to network computing and, more particularly, to a method and system for protecting user identification information within a network environment.
2. Description of the Related Art
Present day computer systems connect and exchange information extensively through telecommunications networks, such as the Internet. These interactions involve many transactions that may require a user's identity information such as, for example, login information, passwords, social security information or other user credentials, to be disclosed. This user identity information is sometimes under threat due to malicious agents or social attacks such as phishing attacks, in which a “phisher” misguides a user to fake website that looks substantially identical to a genuine website. Thereafter, the user is required to disclose his or her identity information to the phishing website. In this way, the user security information is thus compromised and this information may then be used by the phisher for purposes malicious to or undesirable for the user.
While phishing is a relatively recent phenomenon, the intensity and the sophistication of phishing attacks have increased significantly in the past few years. Most users tend to have passwords that are derived from a user's personal information including date of birth, spouse's name, among others, and such passwords are generally classified as having low strength, that is, are considered easily decipherable, especially by attacks also generally categorized as “brute force” attacks. Further vulnerability is introduced by user habits, such as sharing the same password across various websites. So, for example, a user may have the same login information in an email account as with his or her bank, and in case a phishing attack is successful on the email account, the security of the user's bank account may also be compromised. Even though the individual password may be strong, the repeated use of the password reduces its strength. Phishers or other malicious agents exploit this human trait to fetch the user credentials.
Accordingly, there exists a need for a method and system that strengthen a user's password or other login information in a holistic manner.